
CWS, Trojans and Keylogger havin' a party [CLOSED]


  • This topic is locked

#76
Bobbi Flekman

    The Computer Whisperer

  • Expert
  • 3,761 posts
  • MVP

Hi Bobbi,

I think I got the file you wanted to see uploaded in the bleeping forum.

I loaded ZA and it is giving me grief. So much to keep an eye on using this... ignorance is bliss with the Micro firewall... :tazz:

Thanks Ruth

Thanks... I'll check out the file... As far as Zone Alarm is concerned, you can tell it to remember the answer you give. After a while you will get no questions asked anymore :)
  • 0


#77
Bobbi Flekman

    The Computer Whisperer

  • Expert
  • 3,761 posts
  • MVP
Hey Ruth,

I looked at the file, and to me it looks like a log file from some sort of web server, or backdoor.

I PM'd you... If this is personal data, I don't want to spread it out on the net :tazz:
  • 0

#78
Bobbi Flekman

    The Computer Whisperer

  • Expert
  • 3,761 posts
  • MVP
Hi Ruth,

As said in PM, this is a generic fix for this infection.

Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg and save it on your Desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Srv32Win"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\%Windir%\unvise32.exe"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyCaptor]

Locate fixme.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

The above Registry file was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Delete the following files in red (it could be that they are deleted already):

C:\WINNT\kcopts.dat
C:\WINNT\NTInvisible.dll
C:\WINNT\SystemSA32.dll
C:\WINNT\unvise32.exe
C:\WINNT\spysplash.dat

Delete the following folders in red (it could be that they are deleted already):

C:\Program Files\KeyCaptor
C:\Documents And Settings\Ruth\Start Menu\Programs\Keycaptor

Can you post a log from SpywareDoctor and HijackThis after this? Thanks.
  • 0
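
A dry-run check for a hand-written .reg file like the one in post #78, as an added example that is not part of the original thread: it lists every deletion the file would perform and flags key headers that do not start with a valid root key, without touching the registry. The function name and sample input are constructed for illustration, and only single-line entries are handled.

```python
import re

ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}

# Constructed sample input; the last key header is deliberately malformed.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Srv32Win"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyCaptor]

[-KEY_LOCAL_MACHINE\SOFTWARE\Example\Constructed]
'''

def plan_reg_actions(text):
    """Dry run: return (actions, problems) for a .reg file without merging it."""
    actions, problems, key = [], [], None
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        problems.append("line 1: missing REGEDIT4 / Version 5.00 header")
    for no, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("["):
            m = re.fullmatch(r"\[(-?)([^\\\]]+)((?:\\[^\]]*)?)\]", line)
            if not m or m.group(2).upper() not in ROOTS:
                problems.append(f"line {no}: bad key header {line}")
                key = None                        # ignore values under it
            elif m.group(1):                      # [-KEY] deletes the whole key
                actions.append(("delete-key", m.group(2) + m.group(3), None))
                key = None
            else:
                key = m.group(2) + m.group(3)
            continue
        m = re.fullmatch(r'("(?:[^"\\]|\\.)*"|@)=(.*)', line)
        if not m or key is None:
            problems.append(f"line {no}: malformed or orphaned value line {line}")
            continue
        kind = "delete-value" if m.group(2) == "-" else "set-value"
        actions.append((kind, key, m.group(1).strip('"')))
    return actions, problems

if __name__ == "__main__":
    acts, probs = plan_reg_actions(SAMPLE)
    for a in acts:
        print("WOULD", *a)
    for p in probs:
        print("PROBLEM", p)
```
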

#79
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





